Subscription to the full report on a daily basis can be obtained:
Send an eMail to dhsdailyadmin@mail.dhs.osis.gov with the subject "DHS Daily Open Source Infrastructure Report" and the following line in the body...subscribe.
To obtain a complete copy of the current report proceed to the DHS link below.
To obtain reports more than 10 business days old, send an eMail to DHS_Reports@e-computer-security.com. Be specific as to the reports you wish to receive.

• Pacific Gas & Electric Co. agreed to pay $70 million in restitution to San Bruno, California, for the 2010 pipeline explosion that killed 8 people and destroyed 38 homes. – Associated Press

1. March 12, Associated Press – (California) PG&E to pay $70M for deadly Calif. pipeline blast. Pacific Gas & Electric Co. (PG&E) agreed to pay $70 million in restitution to San Bruno, California for the 2010 pipeline explosion that killed eight people in the San Francisco suburb, company and city officials said March 12. In a joint statement, PG&E and San Bruno said the money will be used to establish a nonprofit organization to help the community recover from the September 9, 2010, blast, which also injured dozens of people and destroyed 38 homes. The agreement does not settle about 90 civil lawsuits victims filed against the San Francisco-based company. A trial has been set for July 23 in San Mateo County Superior Court. The new nonprofit organization will determine how the restitution is spent for the benefit of the community. PG&E will make the $70 million payment within 30 days and will not seek to recover the money through insurance or utility rates, officials said. PG&E officials have said the firm plans to compensate blast victims and hopes to settle the civil lawsuits. Federal investigators blame PG&E for the explosion, saying a litany of failures led to the blast, which they concluded was the result of an “organizational accident,” not a simple mechanical failure. Escaping gas fed a pillar of flame 300 feet tall for more than 90 minutes before workers were able to manually close valves that cut off gas to the ruptured pipeline. Investigators said the damage would have been less severe had automatic valves been in place. State regulators also cited the firm’s woeful record-keeping, haphazard response to emergencies, and failure to follow federal pipeline safety laws and accepted industry practices. Source: http://www.google.com/hostednews/ap/article/ALeqM5hz0OcCr8srPR4Bwa1_Ngs5rs97zw?docId=d5939ddf3e4b42dab4769eb040d019e6

• A dozen earthquakes in Ohio were almost certainly induced by the injection of gas-drilling wastewater into the earth, state regulators said March 9 as they announced a series of tough new rules for drillers. – Associated Press

6. March 9, Associated Press – (Ohio) Ohio: Gas-drilling injection well led to quakes. A dozen earthquakes in northeastern Ohio were almost certainly induced by injection of gas-drilling wastewater into the earth, state regulators said March 9 as they announced a series of tough new rules for drillers. Among the new regulations, well operators must submit more comprehensive geological data when requesting a drill site, and the chemical makeup of all drilling wastewater must be tracked electronically. The state department of natural resources announced the tough new brine injection rules because of the report’s findings on the well in Youngstown, which it said were based on “a number of coincidental circumstances.” They also noted the seismic activity was clustered around the well bore and reported a fault has since been identified in the Precambrian basement rock where water was being injected. Northeastern Ohio and large parts of adjacent states sit atop the Marcellus Shale geological formation, which contains vast reserves of natural gas that energy companies are rushing to drill using a process known as hydraulic fracturing. Source: http://online.wsj.com/article/AP6f04bbcf2fb9418d9a9befaa122c3dbd.html

• The U.S. Nuclear Regulatory Commission ordered all nuclear plants in the country to better protect safety equipment and install enhanced equipment for monitoring spent fuel pool water levels. – Pottstown Mercury

11. March 11, Pottstown Mercury – (National) New NRC rules aimed at preventing explosions. The U.S. Nuclear Regulatory Commission issued two “Fukushima-related” orders to all nuclear plants in the country March 9. The first order “requires the plants to better protect safety equipment installed after the 9/11 terrorist attacks and to obtain sufficient equipment to support all reactors at a given site simultaneously.” The second order “requires the plants to install enhanced equipment for monitoring water levels in each plant’s spent fuel pool.” Other plants may be issued additional orders. Exelon Nuclear has until the end of 2016 to install a new ventilation system at the Limerick Generating Station in Limerick Township, Pennsylvania, designed to prevent the kind of explosions that blew apart Japan’s Fukushima Dai-ichi nuclear reactor buildings in March 2011. Source: http://www.pottsmerc.com/article/20120311/NEWS01/120319926/-1/BLOGS/new-nrc-rules-aimed-at-preventing-explosions

• A bus driver and a student were killed and 10 other students were injured March 12 when a school bus crashed into a bridge outside of Indianapolis. – MSNBC; Associated Press

18. March 12, MSNBC; Associated Press – (Indiana) Bus driver, student killed in school bus crash. A bus driver and a student were killed March 12 when a school bus crashed into a bridge outside of Indianapolis, WTHR 13 Indianapolis reported. Ten other students were injured after the bus struck a bridge support beam, officials said. Two of the injured students were listed in critical condition. An Indianapolis Fire Department captain said the two critically injured students and eight others whom she characterized as “walking wounded” were taken to nearby hospitals. She said fire department crews spent about 45 minutes extricating 4 people from the bus. The driver of the bus died at the scene, and there is no word yet on what led to the crash. The bus was transporting children to Lighthouse Charter School just north of Beech Grove, Indiana. WISH 8 Indianapolis reported that as many as 50 children ranging from ages 5 to 16 may have been on the bus. The uninjured students were taken to the school about 2 miles away from the accident scene. Source: http://usnews.msnbc.msn.com/_news/2012/03/12/10652099-bus-driver-student-killed-in-school-bus-crash

• Nearly one-third of the student population, about 500 students, was absent March 9 from 2 schools in Algonquin, Illinois, due to norovirus. – Elgin Courier-News

33. March 11, Elgin Courier-News – (Illinois) Norovirus blamed as almost 500 Dist. 300 children absent. Nearly one-third of the student population, about 500 students, was absent March 9 from Westfield Community School, and Community Unit School District 300 in Algonquin, Illinois, alerted parents to numerous reports of the norovirus. More than half — 262 — of all elementary school students and 223 middle school students were absent March 9 from Westfield, a District 300 spokeswoman said. Those numbers jumped from 35 percent of elementary students and doubled in the middle school from the day before, she said. That is when the Carpentersville-area district e-mailed families and staff to let them know about the high rate of students reporting norovirus symptoms. The Kane County Health Department confirmed norovirus samples from several students who were sick March 9, according to a written statement. The virus is more commonly known as the stomach flu or food poisoning. Source: http://couriernews.suntimes.com/news/schools/11182065-418/norovirus-blamed-as-almost-500-dist-300-children-absent.html

• A nationwide drug shortage has led ambulance services and other first responders to scramble at the last minute to find life-saving anti-seizure medications. – CNN; WCBS 2 New York

38. March 10, CNN; WCBS 2 New York – (National) Nationwide drug shortage problem increasing. A nationwide drug shortage that is dogging the Food and Drug Administration (FDA) is hitting home with first responders, CNN and WCBS 2 New York reported March 10. For emergency medical technicians, shortages can mean the difference between life and death. Nationwide, anti-seizure drugs including intravenous Valium, Versed, and Ativan are among the dozens of drugs — including cancer treatments — that are in short supply. The Monmouth Ocean Hospital Service Corporation Health Services ambulance service said it had to special order a temporary replacement anti-seizure drug to avoid running out the weekend of March 10. The FDA said it tracked at least 220 shortages in 2011, and claims it prevented 114, but admits the problem is far from solved. Source: http://www.wdam.com/story/17126976/nationwide-drug-shortage-problem-increasing

Details

Banking and Finance Sector

14. March 10, Burlington Hawk Eye – (Iowa; National; International) Fraud to hit more than 1,000 cardholders. After all is said and done, there will be more than 1,000 debit/credit cardholders in the southeast Iowa region, particularly in the Burlington area, who will have been affected by a recent wave of fraudulent transactions that surfaced in recent weeks, the Burlington Hawk Eye reported March 10. That figure is estimated based on the current number of customers area banks said have been victimized or have the potential of their card data being illicitly used. The transactions reportedly have occurred at retail stores from California, the East Coast, and as far north as Canada. Local law enforcement and bank fraud detection units are working to pinpoint the common denominator for the breach. Also, there have been reports of many cell phone customers having received a text message about their debit cards. The message indicates there is a problem and to call the number provided. “We’re thinking of reissuing somewhere in the neighborhood of 400 cards,” the president of Two Rivers Bank & Trust said. Officials at First Federal Bank proactively approached the problem, according to its president. “It’s about 400 customers in southeast Iowa,” he said. First Federal got information the past 2 weeks from Shazam, a card services company, about the cards and how many were affected by fraudulent transactions. Source: http://www.thehawkeye.com/story/Fraud-031012

15. March 9, Seattle Times – (Washington; International) Kirkland man pleads guilty in ATM ‘skimming’ scheme. The leader of an ATM “skimming” ring with ties to a Romanian organized crime ring pleaded guilty March 9 in federal court in Seattle to bank fraud, conspiracy, access device fraud, and aggravated identity theft. The man oversaw a ring of fellow Romanians — some in the country illegally — that stole hundreds of thousands of dollars by using high-tech devices to skim credit card information and secretly capture bank customers’ personal identification numbers, according to the U.S. attorney’s office. Much of that money went overseas to Romania, prosecutors said. The U.S. attorney’s office said a Secret Service investigation showed the man had been involved in credit-card skimming in the Seattle area since 2007. He has agreed to pay $357,256 in restitution, surrender $10,000 in cash seized when he was arrested, and forfeit three vehicles, computer equipment, and three firearms. Source: http://today.seattletimes.com/2012/03/kirkland-man-pleads-guilty-in-atm-skimming-scheme/

For another story, see item 47 below from the Commercial Facilities Sector

47. March 10, Associated Press – (Oklahoma) Credit card numbers stolen at McDonald’s. Federal prosecutors have accused four Ohio men of stealing customers’ credit card numbers from the drive-thru at a McDonald’s in Tulsa, Oklahoma. A McDonald’s worker told authorities he used a handheld skimming device for 3 weeks to capture the card numbers, according to a complaint filed March 8 in federal court. The employee told authorities he sold the numbers to an accomplice. The four defendants are in jail on charges they re-encoded other cards to buy iPads and laptop computers. The complaint said investigators discovered “approximately 282” card numbers on a laptop in a suspect’s vehicle. Ponca City police arrested the men October 16, 2011 on suspicion of using counterfeit cards at a Wal-Mart Supercenter. The four had debit and gift cards encoded with stolen numbers, and inside a vehicle, authorities found a laptop, a magnetic card reader and writer, three iPads, and Wal-Mart receipts, the complaint said. The McDonald’s employee told authorities his accomplice would come to his apartment each night and download the card numbers from the skimmer. He said he was paid $600 and given two laptops and a Nintendo 3DS. Source: http://www.wkyc.com/news/state/article/235111/23/Credit-card-numbers-stolen-at-McDonalds

Information Technology

41. March 12, H Security – (International) Pwn2Own ends with three browsers felled. By the end of the Pwn2Own competition at CanSecWest, Google Chrome, Microsoft Internet Explorer, and Mozilla Firefox were all subject to zero day exploits, the H Security reported March 12. Chrome fell a second time in Google’s own Pwnium contest with an attack that pulled together three zero-day vulnerabilities. The first Chrome exploit by the VUPEN team is thought to have leveraged flaws in the Flash player bundled with the browser, while their Internet Explorer exploit first provoked a buffer overflow on the heap working around DEP and ASLR protections. The team then made use of a memory error to break out of the sandbox (protected mode) of the browser. Mozilla Firefox fell to a team of two. Their zero day vulnerability in Firefox involved a use-after-free problem that evaded DEP and ASLR protections in Windows 7. According to reports, the vulnerability was used to leak data multiple times that was then used to prepare code to be executed, again through the same vulnerability. At Google’s Pwnium contest, Chrome fell a second time after a hacker going by the name of “Pinkie Pie” chained three zero-day vulnerabilities in Chrome together to break out of the sandbox and execute code. Google later patched Pinkie Pie’s vulnerabilities and announced the changes are being distributed in an update to the stable version of Chrome. Further changes are expected to harden the browser against CVE-2011-3046 and CVE-2011-3047, the CVE numbers allocated to Pinkie Pie’s vulnerabilities. Source: http://www.h-online.com/security/news/item/Pwn2Own-ends-with-three-browsers-felled-Update-1469096.html

42. March 9, CNET – (International) Danish firm outlines two unpatched Safari vulnerabilities. The Danish IT security firm Secunia released an advisory March 9 regarding two unpatched vulnerabilities in Apple’s Safari 5 Web browser. The vulnerabilities so far are not known to be actively exploited; however, if exploited, they could allow an attacker to run malicious software and conduct spoofing attacks. The first vulnerability is in Safari’s plug-in handling system: in some instances, if a user navigates to a new page while interacting with a plug-in (such as by accessing its settings or contextual menus), the plug-in may be unloaded in a way that allows it to write to freed memory, and thereby allows code to be injected into memory no longer controlled by the plug-in process. Secunia was able to exploit this bug in Safari version 5.1.2 (the Windows version) using the RealPlayer and Adobe Flash plug-ins, though the company warns other versions may also be affected. The second vulnerability is a problem with a built-in function called “setInterval”: when exploited, an attacker can display arbitrary contents on the screen when a trusted URL is visited, potentially allowing for spoofing and misleading people visiting those pages. This bug was found in version 5.0.5 of the Web browser, but was partially fixed in version 5.1.2, though it apparently is still exploitable. Source: http://news.cnet.com/8301-1009_3-57394491-83/danish-firm-outlines-two-unpatched-safari-vulnerabilities/

43. March 9, V3.co.uk – (International) Stricken Kelihos botnet rises from the dead. The Kelihos botnet that Microsoft claimed to have taken down in 2011 re-emerged with new tools aimed at rebuilding and infecting computers, according to security researchers, v3.co.uk reported March 9. They warned the resurgent botnet is being used to steal credentials, install malware, and distribute millions of German stock-related spam messages. According to Swiss researchers at the Abuse.ch blog, the new version of Kelihos is using a .eu domain in combination with so-called fast flux techniques. Fast flux is a DNS technique used by botnet operators to mask malware hosting Web sites behind a constantly-changing network of compromised machines, which act as proxies. Previously, Kelihos used domains associated with the Czech Republic. Security firm GFI also warned a new variant of Kelihos is on the loose, with those behind it seemingly intent on rebuilding the botnet. Microsoft said it shut down the botnet in September 2011. Security firm Kaspersky Labs, which worked with Microsoft on the initial Kelihos takedown, reported seeing new variants of the botnet as early as January 2012. Source: http://www.v3.co.uk/v3-uk/news/2158406/stricken-kelihos-botnet-rises-de

Communications Sector

44. March 10, Niagara Gazette – (New York) Thieves try to take copper from Falls cell tower. Two men attempting to steal copper wiring and metal piping from a cell phone tower and generator in Niagara Falls, New York, were interrupted when a technician arrived to determine why power had been cut. Police were called to a warehouse March 9, and were met by a field operations technician for Cricket Communications. The worker said Cricket has a cell tower and generator on top of the warehouse along with copper wiring running behind the building. The technician said he received a call from the network operator informing him power had been lost. When he arrived, he heard someone running and tried to chase the suspects down but was unsuccessful. He then found copper wiring from the tower and generator had been removed and rolled onto spools, and metal piping had been cut and placed on the ground. Police found a pair of bolt cutters nearby. The owner of the warehouse looked at surveillance video and said the footage shows two people with flashlights near the phone generator rolling up copper wiring. Damage to the tower and generator was estimated at $5,000. Source: http://niagara-gazette.com/local/x2029123084/Thieves-try-to-take-copper-from-Falls-cell-tower

• Cleanup efforts began March 9 along Interstate 70 near Eagle, Colorado, after a tanker spilled 7,200 gallons of diesel fuel, closing all lanes for several hours. One lane in each direction will remain closed during the day until at least March 13. – Associated Press

2. March 9, Associated Press – (Colorado) Cleanup of oil tanker crash could slow I-70 traffic near Eagle through at least Tuesday. Cleanup efforts began along Interstate 70 near Eagle, Colorado, after a tanker spilled 7,200 gallons of diesel fuel following a crash with an SUV March 8. All lanes of I-70 were closed for several hours. While some fuel did get on the highway, most of it was contained in the median. The transportation department said environmental crews worked through the weekend of March 10 to excavate soil contaminated by the spill. As a result, one lane in each direction of I-70 will remain closed during the day until at least March 13. Source: http://www.therepublic.com/view/story/866c7716561242d494ec76aedf343218/CO--Fuel-Spill/

• San Antonio Water System crews responded when more than 84,000 gallons of a sewer and rainwater mixture spilled into a green belt March 8. Vandals had wedged a board into a manhole which caused a blockage and spill. – KSAT 12 San Antonio

21. March 9, KSAT 12 San Antonio – (Texas) Vandals cause 84,000-gallon sewage spill. San Antonio Water System (SAWS) crews responded to a major sewage spill March 8. SAWS officials said vandals wedged a board into a manhole which caused a blockage that forced a sewer spill into a green belt. Officials said more than 84,000 gallons of a sewer and rainwater mixture spilled into the area. SAWS crews pumped out most of the waste water, but continued to work on the spill into early March 9. SAWS reports no harmful impact on the area. Source: http://www.ksat.com/news/Vandals-cause-84-000-gallon-sewage-spill/-/478452/9266356/-/93aeke/-/index.html

• Two more suspicious letters with non-hazardous powder were delivered in Washington, D.C., March 8, at a school and a restaurant. Law enforcement agencies were investigating possible links between about 20 suspicious letters delivered in six states and Washington, D.C. – WJLA 7 Arlington

30. March 8, WJLA 7 Arlington – (National) FBI investigates suspicious letters delivered to schools, businesses in D.C., 6 states. Two more suspicious letters with powder were delivered in Washington, D.C., March 8, one at Amidon Bowen Elementary and one at Bibiana restaurant. Oyster-Adams Bilingual School evacuated after suspicious letters were found. FBI agents and local law enforcement agencies were investigating possible links between about 20 suspicious letters delivered in Washington, D.C., Texas, Alabama, Massachusetts, Rhode Island, Connecticut, and New York City. The six letters discovered in Washington, D.C. appear to be linked and all of them were tested and are not hazardous, officials said. Bibiana became the third Italian restaurant in Washington D.C. to receive a suspicious mailing with white powder inside. HAZMAT crews removed the letter for testing. March 8, another school received an alarming delivery. Office personnel found an envelope containing white powder at Amidon Bowen Elementary. The envelope was found before students arrived at school. The Washington, D.C. Department of Health and Oyster Adams Bilingual School were evacuated March 7. Before that, two other Italian restaurants were evacuated the week of March 5. A woman on a stretcher was taken out of the Department of Health after a letter containing white powder was found. Just hours before that, the Oyster Adams Bilingual School was evacuated when another letter was found. It contained flour and children returned to school about an hour later. Several schools in the Dallas area, a middle school in Connecticut, an art museum in New York City, a bank in Birmingham, Alabama, and schools in Massachusetts and Rhode Island all received similar letters. Law enforcement sources said the letters are not addressed to anyone in particular.
“We’ll investigate who is responsible, because we can’t have this type of drain on our federal, state, and local authorities and not to mention the panic it causes the community,” said the Chief of the Enfield, Connecticut Police. Source: http://www.wjla.com/articles/2012/03/fbi-investigates-suspicious-letters-delivered-to-schools-businesses-in-d-c-6-states-73553.html

• A medical board that oversees paramedics and other emergency medical services in southern Nevada is exploring the possible use of alternatives in the face of shortages of key medications. The board also voted to extend the expiration dates on eight critical drugs if there is a shortage. – Las Vegas Review-Journal

36. March 8, Las Vegas Review-Journal – (Nevada; National) Drug shortages for paramedics forces review. Alarmed by drug shortages that could affect the lifesaving efforts of paramedics, a medical board that oversees emergency medical services in southern Nevada is exploring the possible use of alternative medications, which would require the re-education of rescue personnel, the Las Vegas Review-Journal reported March 8. The board also voted March 7 to extend the expiration dates on eight critical drugs, giving them a longer shelf life if new supplies are slow in coming. Stressing that ambulances remain well-equipped with the drugs long in use by first responders, the chairman of the medical advisory board of the Southern Nevada Health District said it is being proactive in dealing with a national problem that is affecting both hospitals and emergency medical services. Though the Food and Drug Administration requires manufacturers to conduct studies to determine the stability and shelf life of their products and to label them accordingly, medical advisory boards can legally extend their expiration dates in the interest of public health. Only recently, at a February conference of emergency physicians in Dallas, has it come to light that the problem could extend to paramedics. Source: http://www.lvrj.com/news/drug-shortages-have-medical-board-looking-for-alternatives-142005293.html

Details

Banking and Finance Sector

11. March 9, Sacramento Bee – (California) Coroner identifies man police shot outside Citrus Heights bank. The Sacramento County Coroner’s Office March 8 released the name of the bank robber shot by Citrus Heights, California police. Police said that the man claimed to have a gun and an explosive device when he held up the bank March 7. Police said at about 4:15 p.m., police received a call of a crime in progress at a Union Bank branch. Officers surrounded the bank before the man came out of the building. Feeling threatened, police fired at the man, who was pronounced dead at the scene. Because of the report of an explosive device, police cleared the area and called in the Sacramento County Sheriff’s Department bomb squad. About 7:30 p.m., it was determined there was not an explosive device at the bank. Source: http://www.sacbee.com/2012/03/09/4323718/coroner-identifies-man-police.html

13. March 8, WTVT 13 Tampa Bay – (Florida) Traffic stop uncovers massive credit card theft. Dozens of fake credit cards adding up to thousands of dollars worth of stolen goods and merchandise were found in a car stopped on Interstate 75 in Fort Myers, Florida, March 7. The Lee County Sheriff’s Office said two men from Tampa were using stolen cards. Investigators said the cards could have been used to clean out the accounts of people who had no idea their personal information had been stolen. Deputies pulled over a vehicle on Interstate 75 for illegal window tint and found 43 cloned credit cards, and trash bags filled with cigarettes bought with stolen account numbers. The two men face possession charges for having enough cards to potentially spend $384,000 of other people’s money. Source: http://www.myfoxtampabay.com/dpp/consumer/traffic-stop-uncovers-massive-credit-card-theft-03082012

14. March 8, Associated Press – (California) Guilty plea in LA indie film investment scam. A Los Angeles man pleaded guilty to federal charges saying he was part of a telemarketing scam that solicited more than $9 million for independent films. Federal prosecutors said the man entered the plea Wednesday on one count of conspiracy to commit mail fraud, wire fraud, and the sale of unregistered securities, which carries a 5-year maximum sentence. He is the last of nine defendants in the case to plead guilty. None have been sentenced yet. According to prosecutors, the defendants lied to investors nationwide and falsely promised 1,000 percent returns. The indictment alleges telemarketers for Q Media Assets LLC fraudulently raised about $9 million for a film and a sequel. Source: http://www.sacbee.com/2012/03/08/4323306/guilty-plea-in-la-indie-film-investment.html

Information Technology

37. March 9, Help Net Security – (International) IE 9 hacked at Pwn2Own, Google patches Chrome bugs. After the success they had with attacking Google’s Chrome browser, the team of vulnerability researchers from French firm VUPEN also managed to hack Microsoft’s Internet Explorer (IE) 9 on a fully patched Windows 7 SP1 machine. They managed to bypass the browser’s DEP and ASLR protection with a 0-day heap overflow vulnerability, and then used a separate memory corruption bug to break out of its Protected Mode, which is effectively a sandbox. According to VUPEN’s founder, these particular flaws have existed in previous incarnations of the browser — all the way back to IE 6 — and will very likely work on the upcoming IE 10. According to ZDNet, he also said that the memory corruption bug they used is only one of the many vulnerabilities they found that can be used to break out of IE’s Protected Mode, but also admitted the new IE 10 will be much harder to break into, as Microsoft has added new protection mechanisms. If the VUPEN team wins the contest, Microsoft will get its hands only on the information regarding the heap overflow bug. In the meantime, it was confirmed that a security researcher will receive the monetary prize he earned March 8 at the Google-sponsored Pwnium contest. The bugs he used to bypass Chrome’s sandbox were already patched by Google by pushing out a new version of the browser that includes a fix. Source: http://www.net-security.org/secworld.php?id=12569

38. March 9, H Security – (International) Microsoft’s Patch Tuesday will close a critical Windows vulnerability. During the week of March 12, Patch Tuesday will see Microsoft publish a total of six bulletins, including one that addresses a critical vulnerability in all versions of Windows from Windows XP service pack 3 to Windows 7 service pack 1 and Windows Server 2008 R2. The rating means the hole enables attackers to infect a system via the Internet and inject malicious code. Other bulletins will address a privilege elevation flaw which affects the same span of Windows versions. Microsoft also plans to close an important denial of service vulnerability in Windows Server 2003 SP2, 2008 SP2, and 2008 R2. Another bulletin will address a “moderate” denial of service bug which affects Windows Vista SP2, Windows Server 2008 SP2, Windows 7 SP1, and Windows Server 2008 R2. Windows developers will find an elevation of privilege flaw in Visual Studio 2008 and 2010 is also addressed. All versions of another development tool, Microsoft Expression Design, will also receive a fix for an important remote code execution flaw in the application. Source: http://www.h-online.com/security/news/item/Microsoft-s-Patch-Tuesday-will-close-a-critical-Windows-vulnerability-1468103.html

39. March 8, Ars Technica – (International) How Anonymous plans to use DNS as a weapon. After engaging in a recent rash of attacks in retaliation for the takedown of file-sharing site Megaupload, Anonymous’s denial of service tools have not been as active. Disappointed with the current denial of service tools at their disposal, members of Anonymous are working to develop a next-generation attack tool that will, among other options, use the Domain Name System (DNS) itself as a weapon. The scale and stealthiness of the technique, called DNS amplification, is its main draw for Anonymous. DNS amplification hijacks an integral part of the Internet’s global address book, turning a relatively small stream of requests from attacking machines into a torrent of data sent to the target machines. Source: http://arstechnica.com/business/news/2012/03/how-anonymous-plans-to-use-dns-as-a-weapon.ars

Communications Sector

40. March 9, Softpedia – (International) Experts find vulnerabilities in CudaTel 2.0, Barracuda responds. Vulnerability Lab experts identified a number of Web vulnerabilities in Barracuda’s CudaTel Phone Application 2.0.029.1, which is part of the CudaTel Communication Server, an easy-to-use audio-video communication system that is used by businesses worldwide. The founder and chief executive officer (CEO) of Vulnerability Lab identified the high risk security holes that affect Barracuda’s product and their customers. The multiple persistent Input Validation vulnerabilities could be remotely exploited to inject malicious code and manipulate modules by leveraging persistent context requests, even on accounts with fewer user rights. “When exploited by an authenticated user, the identified vulnerabilities can result in information disclosure via error, session hijacking, access to available phone line services, manipulated persistent context execution out of the auto route listings,” Vulnerability Lab said. The vulnerable section was identified as the Automated Attendants module, which includes the Advanced Routing extension - NAME & Listing, Auto Attendants - NAME & Listing, and the ALL Types Listing Category sub-modules. The weaknesses were identified on February 19 when they were reported to the vendor. A few days later the company responded, and March 7 a fix was released. March 8, Vulnerability Lab published its findings. Source: http://news.softpedia.com/news/Experts-Find-Vulnerabilities-in-CudaTel-2-0-Barracuda-Responds-257616.shtml

About Me

U.S. Army Retired Chief Warrant Officer with more than 40 years in information technology and 35 years in information security. Became a Certified Information Systems Security Professional in 1995 and have taught computer security in Asia, Canada and the United States. Wrote a computer security column for 5 years in the 1980s titled "for the Sake Of Security", penname R. E. (Bob) Johnston, which was published in Computer Decisions.
Motto: "When entrusted to process, you are obligated to safeguard"